Published On: Thu, Apr 15th, 2021

Microsoft: Microsoft has a ‘warning’ on Google contact IDs


Microsoft has warned against a new, unique malware that can infect your computer via websites’ contact forms with fake legal threats. Attackers are using legitimate Google URLs to get into a computer system. The URLs require the target to sign in with his/her Google credentials and which leaves the system compromised.
As per Microsoft, the contact forms on websites are being abused by hackers to deliver malicious links. In the emails, a link is given so that the target can check the evidence behind the allegation. As soon as they click on the link, a malware called IcedID gets downloaded which can steal data from their computer systems and also lead to the installation of ransomware. The hackers are using Google URLs to cause the target to believe that it is safe to click.
The malicious emails
An example of such malicious email is given below:
“Hello. This is Meleena and I am a qualified photographer and illustrator. I was surprised, mildly speaking, when I saw my images at your website. If you use a copyrighted image without an owner’s consent, you must be aware that you could be sued by the copyright owner if it is unlawful to use stolen images and it’s so cheap! Here is this document with the links to my
images you used at (the website) and my earlier publications to get the evidence of my legal copyrights. Download it now and check this out for yourself.
(the malicious link)
If you don’t remove the images mentioned in the document above during the next few days. I’ll file a to your hosting provider informing them that my copyrights have been severely infringed and I am trying to protect my intellectual property And it doesn’t help trust me I am going to take it to court! And you won’t receive the second notice from me.”
Microsoft said in the blog post: “After the email recipient signs in, the sites.google.com page automatically downloads a malicious ZIP file, which contains a heavily obfuscated .js file. The malicious .js file is executed via WScript to create a shell object for launching PowerShell to download the IcedID payload (a .dat file), which is decrypted by a dropped DLL loader, as well as a Cobalt Strike beacon in the form of a stageless DLL, allowing attackers to remotely control the compromised device.”



Source link

About the Author

-

Displaying 2 Comments
Have Your Say
  1. WWW.XMC.PL says:

    Just to let you know, this post seems a little bit weird from my android phone. Who knows perhaps its just my phone. Great article by the way.

  2. Ekskluzywne Domeny says:

    I beloved as much as you’ll obtain carried out right here. The sketch is tasteful, your authored subject matter stylish. nonetheless, you command get bought an nervousness over that you would like be delivering the following. sick unquestionably come further before again as exactly the same just about a lot ceaselessly within case you defend this increase.

Leave a comment

XHTML: You can use these html tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>


MOJOBET89 merupakan salah satu situs judi slot online terpercaya dengan jackpot terbesar yang bisa anda menangkan dengan gampang. Silahkan bergabung bersama kami apabila ingin bermain judi online yang menguntungkan menggunakan uang asli dengan modal bet slot kecil.